25-cipher.cnf.in 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
  1. # -*- mode: perl; -*-
  2. # Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test version negotiation
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. use OpenSSL::Test::Utils;
  13. our $fips_mode;
  14. our @tests = (
  15. {
  16. name => "cipher-server-1",
  17. server => {
  18. "MaxProtocol" => "TLSv1.2",
  19. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
  20. },
  21. client => {
  22. "MaxProtocol" => "TLSv1.2",
  23. "CipherString" => "ECDHE-RSA-AES256-SHA384"
  24. },
  25. test => {
  26. "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
  27. },
  28. },
  29. {
  30. name => "cipher-server-2",
  31. server => {
  32. "MaxProtocol" => "TLSv1.2",
  33. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
  34. },
  35. client => {
  36. "MaxProtocol" => "TLSv1.2",
  37. "CipherString" => "ECDHE-RSA-AES128-SHA256"
  38. },
  39. test => {
  40. "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
  41. },
  42. },
  43. {
  44. name => "cipher-server-client-list",
  45. server => {
  46. "MaxProtocol" => "TLSv1.2",
  47. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
  48. },
  49. client => {
  50. "MaxProtocol" => "TLSv1.2",
  51. "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
  52. },
  53. test => {
  54. "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
  55. },
  56. },
  57. {
  58. name => "cipher-server-pref-1",
  59. server => {
  60. "MaxProtocol" => "TLSv1.2",
  61. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
  62. "Options" => "ServerPreference",
  63. },
  64. client => {
  65. "MaxProtocol" => "TLSv1.2",
  66. "CipherString" => "ECDHE-RSA-AES256-SHA384"
  67. },
  68. test => {
  69. "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
  70. },
  71. },
  72. {
  73. name => "cipher-server-pref-2",
  74. server => {
  75. "MaxProtocol" => "TLSv1.2",
  76. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
  77. "Options" => "ServerPreference",
  78. },
  79. client => {
  80. "MaxProtocol" => "TLSv1.2",
  81. "CipherString" => "ECDHE-RSA-AES128-SHA256"
  82. },
  83. test => {
  84. "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
  85. },
  86. },
  87. {
  88. name => "cipher-server-pref-client-list",
  89. server => {
  90. "MaxProtocol" => "TLSv1.2",
  91. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
  92. "Options" => "ServerPreference",
  93. },
  94. client => {
  95. "MaxProtocol" => "TLSv1.2",
  96. "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
  97. },
  98. test => {
  99. "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
  100. },
  101. },
  102. {
  103. name => "cipher-server-pref-not-mobile",
  104. server => {
  105. "MaxProtocol" => "TLSv1.2",
  106. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
  107. "Options" => "ServerPreference",
  108. },
  109. client => {
  110. "MaxProtocol" => "TLSv1.2",
  111. "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
  112. },
  113. test => {
  114. "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
  115. },
  116. },
  117. {
  118. name => "cipher-server-pref-mobile",
  119. server => {
  120. "MaxProtocol" => "TLSv1.2",
  121. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
  122. "Options" => "ServerPreference,PrioritizeChaCha",
  123. },
  124. client => {
  125. "MaxProtocol" => "TLSv1.2",
  126. "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
  127. },
  128. test => {
  129. "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
  130. },
  131. },
  132. );
  133. my @tests_poly1305 = (
  134. {
  135. name => "cipher-server-pref-mobile2",
  136. server => {
  137. "MaxProtocol" => "TLSv1.2",
  138. "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
  139. "Options" => "ServerPreference,PrioritizeChaCha",
  140. },
  141. client => {
  142. "MaxProtocol" => "TLSv1.2",
  143. "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
  144. },
  145. test => {
  146. "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
  147. },
  148. },
  149. );
  150. push @tests, @tests_poly1305
  151. unless disabled("poly1305") || disabled("chacha") || $fips_mode;